internal-comms
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATIONNO_CODE
Full Analysis
- PROMPT_INJECTION (LOW): The skill is vulnerable to indirect prompt injection due to its reliance on untrusted external data sources.\n
- Ingestion points: Data is ingested from Slack channels, Emails, Google Drive documents, and Calendar events (found in
3p-updates.md,company-newsletter.md, andfaq-answers.md).\n - Boundary markers: Absent. The skill provides no instructions to use delimiters or to treat retrieved data as untrusted content that should not be followed as instructions.\n
- Capability inventory: The skill assumes the agent has tools to search and read sensitive internal communications platforms.\n
- Sanitization: Absent. There are no guidelines to filter, escape, or sanitize content retrieved from external sources before processing it.\n- DATA_EXFILTRATION (LOW): The skill facilitates the aggregation of highly sensitive information, including executive emails and private company strategy documents. While this is the primary purpose of the skill, the lack of output constraints or data-handling boundaries creates a potential exfiltration path for sensitive corporate data if the agent is compromised.\n- NO_CODE (SAFE): The skill does not contain any executable scripts, binaries, or configuration files that could hide traditional malware or perform unauthorized system operations. All instructions are provided in plain-text Markdown.
Audit Metadata